Paranoid Penguin - Security Features in Ubuntu

For a couple years, I resisted my friends' attempts to get me to
check out Ubuntu. I thought, “What's the big deal? It's just another
Debian derivative.” But, of course, I was wrong. Ubuntu is remarkably easy
to install and use, and although it is indeed based on Debian, its emphasis
on usability and simplicity sets it apart.

Furthermore, both the Desktop and Server editions of Ubuntu use
dual-purpose live CDs that can be used either to install Ubuntu or
run it from CD without affecting any other operating systems on your hard
disk. This makes it easy to test-drive Ubuntu before installing it
to your hard disk. (The live CD method of booting Linux has important,
useful security ramifications; however, that will be the topic of an entire
future column.)

So, I have been messing around with Ubuntu quite a bit lately and thought
you might enjoy a survey of its security capabilities.

First, a quick note about the scope of this article—I'm sticking to Ubuntu
Desktop; space doesn't permit me to include Ubuntu Server, but I might
cover it in a future column. Suffice it to say for now that Ubuntu
Server is a subset of Ubuntu Desktop, lacking the X Window System and
most other non-server-related software.

I also do not explicitly cover Kubuntu, which simply is Ubuntu running the
KDE desktop rather than GNOME; Edubuntu, which emphasizes educational
applications; or Xubuntu, which is Ubuntu with the Xfce desktop. Everything
I cover in this article should apply to these Ubuntu variants, but there may be
subtle differences here and there.

Note also that Gobuntu, an experimental subset of Ubuntu consisting
only of completely free/unencumbered software packages, probably has
considerably fewer security features and packages than Ubuntu
proper.

Ubuntu vs. Debian

Ubuntu security isn't very far removed from Debian security; underneath
the GUI, Ubuntu is very similar to Debian. In this sense, Ubuntu shares
all of Debian's security potential, and then some. If a given
security tool is available as a deb package that works correctly in
the current version of Debian, it also can be installed in the
current version of Ubuntu.

So, why dedicate an entire article to Ubuntu security? Two reasons. First,
because it has been more than a year since my last article on Debian
security. Second, Ubuntu has a few key differences from standard
Debian: its status as a live CD distribution (which among other things
makes it a good choice for running on untrusted hardware) and its ease of
use, which on the one hand doesn't yet much apply to Ubuntu's security
features, but by making Ubuntu more attractive to non-expert users than
Debian proper, amplifies the ramifications of Ubuntu security. Ubuntu
also uses AppArmor, a powerful means of restricting dæmon behavior.

Software is the key difference between Debian and Ubuntu. I've long
been of the opinion that Debian's staggering array of software packages
is also one of its biggest challenges. Figuring out which of those
thousands of packages you need can be confusing even for expert
users. A key design goal of Ubuntu is, therefore, to support a smaller,
carefully selected subset of Debian's packages.

Ubuntu, however, doesn't merely rebundle standard Debian packages. Ubuntu
maintains its own versions, and according to Wikipedia, in many cases,
Debian and Ubuntu packages aren't even binary-compatible. (The Ubuntu
team has pledged to keep Ubuntu compatible with Debian by sharing all
changes it makes to Debian packages, but the Debian team has grumbled
about Ubuntu's team not being prompt enough in doing so.)

The biggest source of confusion I've experienced with
Ubuntu personally is that Ubuntu uses a different package repository schema than Debian,
and Ubuntu's own Web pages aren't terribly clear as to how it works. But,
it's actually straightforward.

The main repository consists of fully supported, free (unencumbered)
packages that are maintained by the Ubuntu team, the core of which is
employees of Canonical Ltd. The main repository, therefore, is the heart of Ubuntu.

The restricted repository consists of nonfree (copyrighted) packages
that are nonetheless fully supported and maintained, due to their critical
nature. The majority of these packages are commercial hardware drivers
that lack open-source equivalents.

The universe repository contains free software packages that are
not considered part of Ubuntu's core, and therefore, they are not fully
supported. The Ubuntu team takes no responsibility for security patches
for these packages; unlike those in the main repository, security
patches for universe are issued only when the software's developers
issue them.

The multiverse repository contains commercial or otherwise IP-encumbered
packages that are not part of Ubuntu's core, and it has the
least amount of support from the Ubuntu team. As with universe,
multiverse security updates are purely opportunistic.

In all four repositories, the vast majority of Ubuntu packages correspond
with Debian packages. But, again, because all Ubuntu packages are maintained
separately, don't assume it's safe to install a package
from the universe or multiverse repositories just because it's fully supported in
Debian. The Ubuntu team is committed to providing prompt security patches
only for the main and restricted repositories.

In my opinion, this is a perfectly justifiable trade-off, just as it
is in RHEL and CentOS—the fewer packages a distribution supports,
the greater the feasibility of supporting them well, and the
lesser the complexity of the distribution. High complexity and effective
security seldom go together. However, the fact that you can't rely on
timely security updates for universe and multiverse packages also
means that Ubuntu may not be the best choice for you if you're going to
depend heavily on packages from those repositories.
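
To see how much of a system falls outside the main and restricted repositories, the following added example (not from the original article or from Ubuntu) groups installed packages by repository component. It assumes the convention that a package's Section field carries the component as a prefix, such as universe/net, with main packages unprefixed; the sample data and package names are constructed.

```python
from collections import defaultdict

SUPPORTED = {"main", "restricted"}  # components the article says get prompt patches
KNOWN = SUPPORTED | {"universe", "multiverse"}
# Constructed sample in dpkg status-file format; package names are hypothetical.
SAMPLE_STATUS = """\
Package: sample-sshd
Status: install ok installed
Section: net
Description: constructed entry
 continuation lines start with a space

Package: sample-gpu-driver
Status: install ok installed
Section: restricted/misc

Package: sample-scanner
Status: install ok installed
Section: universe/net

Package: sample-codec
Status: deinstall ok config-files
Section: multiverse/sound
"""

def component_of(section):
    """'universe/net' -> 'universe'; an unprefixed section is taken as main."""
    prefix, slash, _ = section.partition("/")
    if not slash:
        return "main" if section else "unknown"
    return prefix if prefix in KNOWN else "unknown"

def by_component(status_text):
    """Map component -> sorted names of currently installed packages."""
    groups = defaultdict(list)
    for stanza in status_text.split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1].isspace() or ":" not in line:
                continue  # continuation of a multi-line field
            key, _, value = line.partition(":")
            fields[key] = value.strip()
        if "Package" in fields and fields.get("Status", "").endswith(" installed"):
            groups[component_of(fields.get("Section", ""))].append(fields["Package"])
    return {c: sorted(names) for c, names in groups.items()}

def unsupported(status_text):
    """Installed packages from outside main and restricted."""
    found = by_component(status_text)
    return sorted(p for c in found if c not in SUPPORTED for p in found[c])
```

On a real system, pass in the contents of /var/lib/dpkg/status instead of the sample. A package from a third-party archive with an unprefixed Section would be counted as main here, so confirm a package's origin with apt-cache policy before relying on the result.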


Thanks for a great article. Although I have installed many distros, I don't consider myself a system administrator or security expert. Linux installation has become friendly enough that I haven't had to dig very deep to get it to work. I have been test driving *Ubuntu distros for less than a year. Your article clarified many things for me, some not security specific. Your straightforward article should be required reading for anyone about to plunge into *Ubuntu.